How to Set Up Automated Testing for MFA Using Selenium, Cucumber, and Appium

Multi-Factor Authentication (MFA) is a common feature across various applications. It is an essential safeguard to make sure only the right people have access to sensitive accounts and information. While MFA offers great security, it can be a difficult feature to include in test automation. Every time a login requires manual verification, it disrupts the automated flow, slowing down testing and requiring human intervention.

Keep reading to explore how to set up test automation for Multi-Factor Authentication using Selenium, Cucumber, and Appium.

Understanding Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds extra steps to a typical login to make sure that only verified users can access an account. Beyond a password, MFA might ask for a code from an app or text, a fingerprint, or another form of verification. This extra step boosts security and is critical for apps with sensitive data.

Common MFA Tools

There are a few popular methods to add that second layer of security, from SMS codes to authenticator apps. The Microsoft Authenticator app, in particular, is widely used because it’s easy to set up, integrates smoothly with Microsoft accounts, and works with other apps too. For our purposes, it’s a great example of how MFA works and the focus of our automation strategy.

Challenges of Manual MFA in Test Automation

  • Manual Intervention Delays – Manually entering a new code every time MFA is triggered slows down the whole testing process. When you’re trying to automate testing to be fast and efficient, stopping for manual input is a huge time drain.
  • Inconsistency in Test Results – Relying on human input also creates room for error. Mistyping a code or being slow to enter it can throw off the test results. Ideally, tests should run consistently, but with manual MFA steps, it’s hard to avoid little inconsistencies that could lead to inaccurate results.
  • Scaling in CI/CD Pipelines – In a CI/CD environment, automation should ideally run smoothly from start to finish without needing manual intervention. But with manual MFA, there’s a bottleneck. Scaling becomes difficult because each test that involves MFA requires someone to be ready to step in, which slows down the pipeline.
  • Security Lockouts – Testing environments with frequent MFA logins can sometimes trigger account lockouts. MFA security features can kick in if they detect too many attempts, especially if codes are incorrect or delayed. This can bring testing to a standstill while access is reset.
  • Resource Constraints – When tests depend on manual MFA input, they also require a team member to handle those inputs, watch the tests, and troubleshoot issues. This can quickly become a resource-heavy task, taking valuable time and attention away from other critical projects.

Why is MFA Automation Needed?

Automating MFA clears up all these roadblocks. With automation, tests can run on autopilot without needing a manual code entry, making testing faster and more reliable. It also lets teams fully integrate automated testing into CI/CD pipelines without interruption. By automating MFA, teams can save resources, minimize errors, and keep tests moving at the speed they need.

Types of testing used when automating MFA

  • Functional testing – Verifies that the Multi-Factor Authentication (MFA) process operates as intended, ensuring each component performs its designated function.
  • End-to-End testing – Validates the entire workflow, from the initial login process through to successful access, ensuring a seamless user experience.
  • Regression testing – Confirms that any modifications or additions to the codebase do not adversely affect existing MFA functionality, thereby maintaining stability across the application.
  • Integration testing – Ensures seamless interaction between various system components, verifying that they work together correctly within the MFA framework.
  • Security testing – Assesses the robustness of the MFA process, ensuring it is fortified against potential vulnerabilities and cannot be easily compromised.

Testing teams usually automate such scenarios during testing in development or staging environments. These testing types play a crucial role in ensuring that the MFA implementation is reliable and secure.

Setting Up MFA Automation with Selenium-Cucumber and Appium

For this automation task, we’ll utilize a Selenium-Cucumber framework with Appium integration. The initial setup involves initializing both the Selenium driver for web interactions and the Appium driver for mobile app interactions.

Hook Class Initialization

In the Hook class, we set up the environment before executing our test scenarios.

Ex:

This code snippet ensures that both the web and mobile environments are ready for testing.

Automating the Login Process

To begin automating the MFA process, we need to launch the Microsoft login page, where users can enter their credentials. After successful login, the user is prompted to approve the sign-in request via the Microsoft Authenticator app.

Capturing the Security Code

The first step in our automation is to capture the security code from the “Approve sign-in request” page. We create a method in our page class that logs into the application and retrieves the security code.

Ex:

In this method:

  • The user’s email and password are entered.
  • After clicking the “Next” button, the security code displayed on the screen is captured and stored in the MFAdata variable.

Entering the Captured Security Code

Next, we need to input this captured security code into the MFA Authenticator app. We create a method to launch the app and enter the security code.

Ex:

In this method:

  • The Authenticator app is launched, and the captured security code is entered.
  • Following this, the user can confirm the sign-in request.

Integrating with Step Definitions

To tie everything together, we need to integrate our methods into the Cucumber step definitions. We’ll store the captured security code in a variable for further use.

Ex:

In this step:

  • The user launches the application and logs in.
  • The captured security code is passed to the method that interacts with the MFA Authenticator app, completing the authentication process.
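The steps above (hook setup, capturing the code on the web side, entering it in the app, and the step definition) combined into one Cucumber glue class. This is an added example, not the author's original snippets, which are not present on this page. The environment variable names, the Authenticator package name and every locator id are assumptions or placeholders to replace with values from your own test environment.

```java
import io.appium.java_client.AppiumBy;
import io.appium.java_client.android.AndroidDriver;
import io.appium.java_client.android.options.UiAutomator2Options;
import io.cucumber.java.After;
import io.cucumber.java.Before;
import io.cucumber.java.en.When;
import java.net.URL;
import java.time.Duration;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.support.ui.WebDriverWait;
import static org.openqa.selenium.support.ui.ExpectedConditions.visibilityOfElementLocated;

public class MfaSteps {
    private WebDriver web;         // Selenium browser session
    private AndroidDriver mobile;  // Appium session on the device enrolled for the test account
    @Before
    public void startDrivers() throws Exception {
        web = new ChromeDriver();
        // noReset keeps the app data, and with it the MFA enrollment, between runs.
        mobile = new AndroidDriver(new URL(System.getenv("APPIUM_URL")),
                new UiAutomator2Options().setNoReset(true));
    }
    // Explicit wait used for both drivers; every locator id in this class is a placeholder.
    private WebElement visible(WebDriver d, By by) {
        return new WebDriverWait(d, Duration.ofSeconds(30)).until(visibilityOfElementLocated(by));
    }
    @When("the user signs in and approves the MFA request")
    public void signInAndApprove() {
        web.get(System.getenv("LOGIN_URL"));
        // Test-account credentials come from the CI secret store, never from source control.
        visible(web, By.id("EMAIL_FIELD")).sendKeys(System.getenv("MFA_TEST_USER"));
        visible(web, By.id("NEXT_BUTTON")).click();
        visible(web, By.id("PASSWORD_FIELD")).sendKeys(System.getenv("MFA_TEST_PASSWORD"));
        visible(web, By.id("NEXT_BUTTON")).click();
        // Capture the code from the "Approve sign-in request" page; stop if it is not numeric (assumed format).
        String mfaData = visible(web, By.id("SECURITY_CODE")).getText().trim();
        if (!mfaData.matches("\\d+")) throw new IllegalStateException("no numeric security code shown");
        mobile.activateApp("com.azure.authenticator");  // assumed package name of the Authenticator app
        visible(mobile, AppiumBy.id("CODE_INPUT")).sendKeys(mfaData);
        visible(mobile, AppiumBy.id("APPROVE_BUTTON")).click();
    }
    @After
    public void stopDrivers() {
        try { if (web != null) web.quit(); } finally { if (mobile != null) mobile.quit(); }
    }
}
```

Because `noReset` preserves the enrollment, the device or emulator image holds a working second factor for the test account and should be access-controlled like any other credential. Failing fast on a malformed code, rather than retrying, keeps a broken locator from producing the repeated bad attempts that trigger the lockouts described earlier.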

Other Scenarios to automate using this approach: We can automate scenarios where a user interacts with both a web application and a mobile app simultaneously, capturing a code or text from the web and entering it into the mobile app to continue testing.

Automating MFA with Selenium and Appium boosts testing efficiency and ensures that security features are thoroughly validated. By implementing these automation strategies, you can keep your testing smooth, consistent, and free from manual interruptions—all while preserving strong security standards.

Do you have any such features in your applications that are tough to test through automation?
At Enhops, we specialize in helping organizations improve their testing and quality assurance strategies through test automation. Our test automation services give a head start to organizations that want to improve their testing processes with ready-to-use automation accelerators and frameworks. With our Low-Code, No-Code test automation approach, we seamlessly integrate test automation services within your CI/CD pipelines, ensuring efficient and reliable software delivery.

Vinay Kumar Deva
Senior Automation Test Engineer

Vinay Kumar Deva is a dedicated Automation Test Engineer with over 7 years of experience in Quality Assurance. He specializes in automation testing and has a proven track record of enhancing software quality through the effective use of functional testing tools such as Selenium, Appium and Test Complete. Additionally, he is skilled in API automation testing with Rest-Assured, ensuring that back-end services function seamlessly and efficiently.